IamTomcatConfig – IAM / Projects

Context Navigation

Last modified 12 years ago Last modified on 12/09/11 11:41:08

IAM Projects / IAM Tomcat Configuration

This page documents various tweaks to the IAM Tomcat configuration.

Elimination of weak SSL ciphers
Add the ciphers option as shown below to the connector. You may need the SSLInfo Java app (which is attached below) to list available ciphers and to get a list of cipher names for use in the cipher option.

...
    <Connector port="8443" 
        protocol="HTTP/1.1" 
        SSLEnabled="true" 
        maxThreads="150" 
        scheme="https" 
        secure="true" 
        clientAuth="false" 
        sslProtocol="TLS"
        ciphers="SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_RSA_WITH_AES_128_CBC_SHA" />
...

Attachments

SSLInfo.java (1.1 KB) - added by jpmitchell@… 12 years ago.
SSLInfo.class (1.6 KB) - added by jpmitchell@… 12 years ago.

Download in other formats:

Plain Text